Is a Worldwide Cyberwar Already Underway?

Excuse me, but did World War III break out while I was
momentarily distracted by a YouTube video of a kitten jumping out of a
cardboard box? Ever since Google
traced several months of hacking attempts on its systems back to two Chinese
universities, industry watchers have sounded off with choruses of “Told
you so,” and “This is nothing new,” and “Just wait, this is
only the beginning.”

To recap: the “Aurora” malware that Google discovered
took advantage of a zero-day vulnerability in Microsoft Internet Explorer to
install spyware that route information indirectly to China. What was most
troubling was that the attack seemed to focus on both human rights activists and
American companies looking to do business in China. “No way,” said the
leaders of Shanghai Jiaotong University,
whose students recently beat Stanford
in an international computer “battle of the brains,” and Lanxiang Vocational School, an
institution that was built with Chinese military support.

As troubling as this kind of international hacking is,
equally chilling is the notion that it happens all the time. Experts note that Britain, France,
Israel, and the U.S. have
all been accused of espionage-style hacking. One Chinese professor at Jiaotong,
who wisely chose to remain anonymous, told the
New York Times, “I’m not surprised. Actually students hacking into
foreign Web sites is quite normal.”

Fantastic. Are American
companies – is your company – safe from international corporate espionage? “The
message for American businesses, especially ones doing business in foreign
countries, is clear,” wrote Gideon
J. Lenkey, co-founder of Ra Security
Systems in an article for Internet
Evolution. “Don’t underestimate the threat of economic espionage. If
you don’t take your information security seriously, the person across the table
you’re negotiating with may already know all the cards you’re holding.”

In fact, our government itself may be metaphorically
outgunned. Last Tuesday, Michael
McConnell, the director of national intelligence in the Bush
administration, told a Senate committee hearing that, “The cyber risk has
become so important that, in my view, it rivals nuclear weapons in terms of
seriousness.” And furthermore, “If the nation went to war today in a
cyberwar, we would lose,” he said. “We’re the most vulnerable, we’re
the most connected, and we have the most to lose.”

McConnell also predicted that it will take a catastrophic cyberattack
to inspire the federal government to take strong action. As things stand now, a
cybersecurity bill has been bouncing around Congress for more almost a year. Maybe
it doesn’t matter anyway, given the borderless nature of the Internet. “Nations
are in denial,” Indian cyberlaw expert Pavan Duggal said in a Reuters report. “It may take a big
shock of an event to wake people out of their complacency, something equal to a
9/11 in cyberspace.”

This is why security isn’t just the IT buzzword of the year.
It’s going to be the IT buzzword of the decade. There’s no hotter sector in IT
today, and incidents like the Google hack are only going to make it even hotter
as organizations large and small – not to mention government agencies – look to
buttress their defenses.

Sadly, I have to agree with the pundits who say we’re just
at the very beginning of the cyberspace security battles to come. Is this the
fate of the Earth? An endless cyberwar pitting armies of caffeinated computer
science students against each other while countries sell each other electronics
equipment pre-loaded with hidden malware? Will the next world war be fought not
with guns but with infected USB flash drives? While we wait to see what
happens, let’s all shore up our firewalls and hope for the best.